2
votes

I have two smart card readers connected to my computer and each has a card plugged in. Using the PKCS 11 API I want to find out if the user PIN of the smart cards is locked. According to the API documentation we must retrieve an object of the struct CK_TOKEN_INFO which contains the flags field. There, the bit flag CKF_SO_PIN_LOCKED is set if the PIN is locked.

My problem is that the flags field does not change if I have a locked smart card and an unlocked one. I know that one of my two chip cards has a locked user PIN. I entered a wrong PIN 6 times and a program that we use to write on the smart cards tells me that the PIN is indeed locked. However the flags field is the same for both cards.

Here is a minimal program which demonstrates the issue:

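  #include <iostream>
  #include <vector>
  #include "cm-pkcs11.h"  // vendor PKCS#11 header

  unsigned long slotCount = 0ul;
  CK_RV result;

  std::vector<CK_SLOT_ID> vecSlotIds;

  int main() {

    result = C_Initialize(nullptr);
    if (result != CKR_OK) {
      std::cerr << "C_Initialize failed: " << result << std::endl;
      return 1;
    }

    // First call (null buffer) only returns the number of slots with a token present.
    result = C_GetSlotList(CK_TRUE, nullptr, &slotCount);

    std::cout << "Found " << slotCount << " slots" << std::endl;

    // Second call fills the buffer with the slot IDs.
    vecSlotIds.resize(slotCount);
    result = C_GetSlotList(CK_TRUE, vecSlotIds.data(), &slotCount);

    for (const auto& id : vecSlotIds) {
      CK_TOKEN_INFO tokenInfo = {};
      result = C_GetTokenInfo(id, &tokenInfo);
      if (result != CKR_OK) {
        std::cerr << "C_GetTokenInfo failed for slot " << id << ": " << result << std::endl;
        continue;
      }
      std::cout << "id: " << id << ", flags: " << tokenInfo.flags << std::endl;
    }

    C_Finalize(nullptr);
    return 0;
  }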

The output is:

  Found 2 slots
  id: 1, flags: 1037
  id: 2, flags: 1037

As you can see, both flags are identical. Am I using the API incorrectly here?

1
I don't see any obvious problem in your code so it might be a bug in the implementation of the PKCS#11 library you are using. If you want to check with another tool written in another language you can try Pkcs11Admin. - jariq

1 Answer

1
votes

I've tried the tool jariq mentioned in his comment and it seems the API implementation that we use does indeed have a bug. You can see it in the image below. It says for both cards that they are not locked. But one of them is locked. Thank you jariq.

The tool uses our pkcs11.so and also shows that the card is not locked. But it is locked.
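Decoding the flags value 1037 from the question, as an added example that is not part of the original posts: the constants are stand-ins copied from the PKCS #11 specification so the block runs without the vendor header, and decodeTokenFlags, pinState and PinRole are hypothetical names. In that specification the user PIN lock is reported by CKF_USER_PIN_LOCKED, while CKF_SO_PIN_LOCKED describes the security officer PIN.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Stand-ins for the vendor header so this runs without a PKCS #11 library:
// CK_TOKEN_INFO.flags bit values as defined in the PKCS #11 specification.
using CK_FLAGS = unsigned long;
struct FlagName { CK_FLAGS bit; const char* name; };
static const FlagName kTokenFlags[] = {
    {0x00000001, "CKF_RNG"}, {0x00000002, "CKF_WRITE_PROTECTED"},
    {0x00000004, "CKF_LOGIN_REQUIRED"}, {0x00000008, "CKF_USER_PIN_INITIALIZED"},
    {0x00000020, "CKF_RESTORE_KEY_NOT_NEEDED"}, {0x00000040, "CKF_CLOCK_ON_TOKEN"},
    {0x00000100, "CKF_PROTECTED_AUTHENTICATION_PATH"}, {0x00000200, "CKF_DUAL_CRYPTO_OPERATIONS"},
    {0x00000400, "CKF_TOKEN_INITIALIZED"}, {0x00000800, "CKF_SECONDARY_AUTHENTICATION"},
    {0x00010000, "CKF_USER_PIN_COUNT_LOW"}, {0x00020000, "CKF_USER_PIN_FINAL_TRY"},
    {0x00040000, "CKF_USER_PIN_LOCKED"}, {0x00080000, "CKF_USER_PIN_TO_BE_CHANGED"},
    {0x00100000, "CKF_SO_PIN_COUNT_LOW"}, {0x00200000, "CKF_SO_PIN_FINAL_TRY"},
    {0x00400000, "CKF_SO_PIN_LOCKED"}, {0x00800000, "CKF_SO_PIN_TO_BE_CHANGED"},
    {0x01000000, "CKF_ERROR_STATE"},
};

// Names of every bit set in flags; bits outside the table are kept as UNKNOWN(n).
std::vector<std::string> decodeTokenFlags(CK_FLAGS flags) {
    std::vector<std::string> names;
    for (const auto& f : kTokenFlags)
        if (flags & f.bit) { names.push_back(f.name); flags &= ~f.bit; }
    if (flags) names.push_back("UNKNOWN(" + std::to_string(flags) + ")");
    return names;
}

// Each role has consecutive status bits: COUNT_LOW, FINAL_TRY, LOCKED.
enum class PinRole : CK_FLAGS { User = 0x00010000, SO = 0x00100000 };
std::string pinState(CK_FLAGS flags, PinRole role) {
    const CK_FLAGS base = static_cast<CK_FLAGS>(role);
    if (flags & (base << 2)) return "locked";
    if (flags & (base << 1)) return "final try";
    if (flags & base) return "count low";
    return "nothing reported";
}

int main() {
    // 1037 is the value from the question; the second value is constructed.
    const CK_FLAGS samples[] = {1037, 1037 | 0x00040000};
    for (CK_FLAGS flags : samples) {
        std::cout << flags << ":";
        for (const auto& n : decodeTokenFlags(flags)) std::cout << ' ' << n;
        std::cout << "\n  user PIN: " << pinState(flags, PinRole::User)
                  << ", SO PIN: " << pinState(flags, PinRole::SO) << '\n';
    }
}
```

For 1037 the decoder reports only CKF_RNG, CKF_LOGIN_REQUIRED, CKF_USER_PIN_INITIALIZED and CKF_TOKEN_INITIALIZED, so none of the PIN status bits for either role is set in the value both cards return.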